| Section | Page |
|---|---|
| Foreword | ix |
| Preface | xi |
| PART I INTRODUCTION AND DESIGN | |
| CHAPTER 1 Security 101 | 3 |
| Why Build Secure Applications? | 3 |
| Security Defined | 4 |
| Why Is Security Difficult? | 4 |
| The Golden Rules (and Some Others) | 7 |
| Threats, Safeguards, Vulnerabilities, and Attacks | 12 |
| CHAPTER 2 A Process for Building Secure Web Applications | 15 |
| A Security Design Process | 16 |
| Application Design | 26 |
| An Example | 28 |
| PART II TECHNOLOGIES AND TRADE-OFFS | |
| CHAPTER 3 Windows 2000 Security Overview | 43 |
| The Impact of Active Directory | 44 |
| Authenticated Logon | 46 |
| Authentication | 46 |
| Privileges | 47 |
| User Accounts and Groups | 48 |
| Domains and Workgroups | 48 |
| DOMAIN/Account Names and User Principal Names | 49 |
| Managing Accounts | 51 |
| Security Identifiers (SIDs) | 53 |
| Tokens | 54 |
| Access Control Lists | 57 |
| Impersonation | 68 |
| Delegation | 69 |
| Miscellaneous Windows 2000 Security Features | 73 |
| CHAPTER 4 Internet Explorer Security Overview | 85 |
| Privacy | 86 |
| Code Safety and Malicious Content | 87 |
| Security Zones | 89 |
| SSL/TLS and Certificates | 93 |
| Cookie Security | 95 |
| CHAPTER 5 Internet Information Services Security Overview | 99 |
| Internet Authentication | 100 |
| Configuring SSL/TLS | 134 |
| IIS Authorization-the Marriage of Windows 2000 Security and the Web | 149 |
| IIS Process Identities | |